Three lines of defence
Hoist Finance’s risk management is built around a sound risk culture; an efficient operating structure governed by policies and guidelines and transparent reporting and monitoring. The Board of Directors’ risk management policy stipulates the framework, roles and responsibilities for risk management and the guidelines for ensuring that there is adequate capital and liquidity to withstand economic adversity.
Hoist Finance’s risk management allocates roles and responsibilities in accordance with three lines of defence, described in the Corporate Governance Report.
We have a deep insight and understanding of why a sound risk culture is essential for efficient risk management. Therefore, structured efforts are taken to support and promote a sound risk culture within Hoist Finance. We define a sound risk culture as:
- Transparency, where information is shared as far as possible and all communication and feedback is clear, concise and constructive.
- Teamwork, where the atmosphere is open and it is easy to share and learn from experience, both from successes and from failures.
- Balance between risk/reward, where all decisions and considerations take into account both the risk and the reward that the decision entails. We believe that constructive discussions on risk and reward are essential for sophisticated decision-making on business opportunities.
- Sound incident management, where incidents are reported, analysed and actions taken to mitigate risks as far as economically justifiable; and where a sound and formative risk culture promotes learning from mistakes to continuously improve.
Promoting a balanced risk culture is a long-term and continuous endeavor that permeates everything that we do. Internal rules, remuneration systems, incentives, ethical guidelines, formal educational initiatives and other governing mechanisms within the company are designed to ensure that the risk culture develops in a positive direction. We strive to improve the risk culture further and have initiated work to broaden the risk management to ensure inclusion of risks outside what was previously considered traditional risk types for a bank. These risks include for example climate change and the well-being of our employees. This work is done in close collaboration with our Sustainability team and via active participation in the Business Ethics and Sustainability Committee.
Our information security management continues to focus on protecting our customer data and business critical information. The demands of regulatory requirements for the finance industry are high and going forward we will see an increase in those that we need to adhere to, therefore, this is a prioritized part of the Security work at Hoist Finance.
During the year we have seen a considerable increase of cyber-attacks towards the finance sector as well as evolving attack methods. In order to prevent the new attack methods, we have taken several initiatives and implemented various defense mechanisms.
The Board of Directors and our Management are continuously engaged in the work with information security. Reporting is done on a quarterly basis to the Management team and the Board, both when it comes to KPI’s within the field as well as follow ups on any incidents or special projects.
Security is handled in all three layers of defense where the first layer is focused on operations, the second on reviews and tests and the third on internal audits.
An important part of the security management is having a high security awareness level among our employees; therefore, we have invested in a new training and awareness tool to test and train our staff on a regular basis. The results are carefully examined to identity any gaps towards our target.
Apart from protecting our business and our customers we also want to contribute to a stable and secure financial market.